You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by "Endi S. Dewata (JIRA)" <ji...@apache.org> on 2006/03/30 00:18:28 UTC
[jira] Created: (DIRSERVER-605) Inconsistent behavior with
anonymous access
Inconsistent behavior with anonymous access
-------------------------------------------
Key: DIRSERVER-605
URL: http://issues.apache.org/jira/browse/DIRSERVER-605
Project: Directory ApacheDS
Type: Bug
Components: core
Versions: 1.0-RC1, 1.1.0
Reporter: Endi S. Dewata
Searching the Root DSE as an anonymous user using different clients produces inconsistent results.
The tests were performed using Sun's JNDI client and Novell's Java LDAP client (http://www.openldap.org/jldap). Please the notes in the attached test case for more details.
On ApacheDS 1.0-RC1 with allowAnonymousAccess=true the results are:
- JNDI Client : pass
- V2 JNDI Client : pass
- V3 JNDI Client : pass
- LDAP Client : pass
- V2 LDAP Client : pass
- V3 LDAP Client : pass
In this scenario everything passes as expected.
On ApacheDS 1.0-RC1 with allowAnonymousAccess=false the results are:
- JNDI Client : pass
- V2 JNDI Client : pass
- V3 JNDI Client : fail
- LDAP Client : fail
- V2 LDAP Client : pass
- V3 LDAP Client : pass
In this scenario everything was expected to fail.
On ApacheDS 1.1 with allowAnonymousAccess=true the results are:
- JNDI Client : pass
- V2 JNDI Client : fail
- V3 JNDI Client : pass
- LDAP Client : pass
- V2 LDAP Client : fail
- V3 LDAP Client : pass
In this scenario everything was expected to pass.
On ApacheDS 1.1 with allowAnonymousAccess=false the results are:
- JNDI Client : pass
- V2 JNDI Client : fail
- V3 JNDI Client : fail
- LDAP Client : fail
- V2 LDAP Client : fail
- V3 LDAP Client : pass
In this scenario everything was expected to fail.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
[jira] Closed: (DIRSERVER-605) Inconsistent behavior with anonymous
access
Posted by "Alex Karasulu (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/DIRSERVER-605?page=all ]
Alex Karasulu closed DIRSERVER-605.
-----------------------------------
Resolution: Won't Fix
Hmmm I think this is moot now because we've decided not to support LDAPv2. I will however look at applying endis consistency tests to non LDAPv2 based test cases. Still thanks Endi for doing this research. If you find issues with RC4-SNAPSHOT please let me know and I can reopen this issue.
> Inconsistent behavior with anonymous access
> -------------------------------------------
>
> Key: DIRSERVER-605
> URL: http://issues.apache.org/jira/browse/DIRSERVER-605
> Project: Directory ApacheDS
> Issue Type: Bug
> Components: core
> Affects Versions: 1.0-RC1, 1.1.0
> Reporter: Endi S. Dewata
> Assigned To: Alex Karasulu
> Attachments: AnonymousAccessTest.java
>
>
> Searching the Root DSE as an anonymous user using different clients produces inconsistent results.
> The tests were performed using Sun's JNDI client and Novell's Java LDAP client (http://www.openldap.org/jldap). Please the notes in the attached test case for more details.
> On ApacheDS 1.0-RC1 with allowAnonymousAccess=true the results are:
> - JNDI Client : pass
> - V2 JNDI Client : pass
> - V3 JNDI Client : pass
> - LDAP Client : pass
> - V2 LDAP Client : pass
> - V3 LDAP Client : pass
> In this scenario everything passes as expected.
> On ApacheDS 1.0-RC1 with allowAnonymousAccess=false the results are:
> - JNDI Client : pass
> - V2 JNDI Client : pass
> - V3 JNDI Client : fail
> - LDAP Client : fail
> - V2 LDAP Client : pass
> - V3 LDAP Client : pass
> In this scenario everything was expected to fail.
> On ApacheDS 1.1 with allowAnonymousAccess=true the results are:
> - JNDI Client : pass
> - V2 JNDI Client : fail
> - V3 JNDI Client : pass
> - LDAP Client : pass
> - V2 LDAP Client : fail
> - V3 LDAP Client : pass
> In this scenario everything was expected to pass.
> On ApacheDS 1.1 with allowAnonymousAccess=false the results are:
> - JNDI Client : pass
> - V2 JNDI Client : fail
> - V3 JNDI Client : fail
> - LDAP Client : fail
> - V2 LDAP Client : fail
> - V3 LDAP Client : pass
> In this scenario everything was expected to fail.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (DIRSERVER-605) Inconsistent behavior with
anonymous access
Posted by "Alex Karasulu (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/DIRSERVER-605?page=comments#action_12372337 ]
Alex Karasulu commented on DIRSERVER-605:
-----------------------------------------
According to the LDAP v3 RFC the rootDSE should be accessible to all clients. So all these tests should pass except for V2 clients. Looking at RC1 results this is pretty consistent except for this "LDAP Client" you have listed. Which client did you use exactly?
> Inconsistent behavior with anonymous access
> -------------------------------------------
>
> Key: DIRSERVER-605
> URL: http://issues.apache.org/jira/browse/DIRSERVER-605
> Project: Directory ApacheDS
> Type: Bug
> Components: core
> Versions: 1.0-RC1, 1.1.0
> Reporter: Endi S. Dewata
> Attachments: AnonymousAccessTest.java
>
> Searching the Root DSE as an anonymous user using different clients produces inconsistent results.
> The tests were performed using Sun's JNDI client and Novell's Java LDAP client (http://www.openldap.org/jldap). Please the notes in the attached test case for more details.
> On ApacheDS 1.0-RC1 with allowAnonymousAccess=true the results are:
> - JNDI Client : pass
> - V2 JNDI Client : pass
> - V3 JNDI Client : pass
> - LDAP Client : pass
> - V2 LDAP Client : pass
> - V3 LDAP Client : pass
> In this scenario everything passes as expected.
> On ApacheDS 1.0-RC1 with allowAnonymousAccess=false the results are:
> - JNDI Client : pass
> - V2 JNDI Client : pass
> - V3 JNDI Client : fail
> - LDAP Client : fail
> - V2 LDAP Client : pass
> - V3 LDAP Client : pass
> In this scenario everything was expected to fail.
> On ApacheDS 1.1 with allowAnonymousAccess=true the results are:
> - JNDI Client : pass
> - V2 JNDI Client : fail
> - V3 JNDI Client : pass
> - LDAP Client : pass
> - V2 LDAP Client : fail
> - V3 LDAP Client : pass
> In this scenario everything was expected to pass.
> On ApacheDS 1.1 with allowAnonymousAccess=false the results are:
> - JNDI Client : pass
> - V2 JNDI Client : fail
> - V3 JNDI Client : fail
> - LDAP Client : fail
> - V2 LDAP Client : fail
> - V3 LDAP Client : pass
> In this scenario everything was expected to fail.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
[jira] Commented: (DIRSERVER-605) Inconsistent behavior with
anonymous access
Posted by "Endi S. Dewata (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/DIRSERVER-605?page=comments#action_12372481 ]
Endi S. Dewata commented on DIRSERVER-605:
------------------------------------------
Hi Alex,
The "LDAP Client" tests were performed using Novell's JLDAP library without explicit bind. This should be possible under LDAP v3. As you can see in the attached program, the test case goes like this:
LDAPConnection connection = new LDAPConnection();
connection.connect("localhost", 10389);
LDAPSearchResults results = connection.search("", LDAPConnection.SCOPE_BASE,
"(objectClass=*)", new String[0], false);
Here is the Javadoc of LDAPConnection class:
https://svn.safehaus.org/repos/penrose/trunk/docs/ietf/org/ietf/ldap/LDAPConnection.html
In the "V2 LDAP Client" it calls bind() before calling search():
connection.bind(2, null, null); // bind anonymously
The same thing is done in "V3 LDAP Client" tests.
Now the issues are:
1. In the 0.9.3 results (which I incorrectly marked as 1.0-RC1) when allowAnonymousAccess=true everything passed. However when allowAnonymousAccess=false some test cases passed and some failed. Granted that 0.9.3 is an old code and not being maintained anymore, this is probably a bug but ok if not fixed.
2. In the 1.1 results when allowAnonymousAccess=true only V2 test cases failed. While Root DSE is only defined in LDAPv3, I don't think it limits V2 clients to query Root DSE. Also, V2 clients were already supported in 0.9.3, why not support it in 1.1?
3. In the 1.1 results when allowAnonymousAccess=false, all V2 clients failed, also "V3 JNDI Client" and "LDAP Client (no bind)" failed. The allowAnonymousAccess parameter is not defined in any RFC. To my understanding when it's set to false it could mean:
- reject anonymous access except to Root DSE, or
- reject all anonymous acces including Root DSE.
However, none of these definitions can describe the test results. What is the real definition for allowAnonymousAccess?
Thank you very much!
Endi
> Inconsistent behavior with anonymous access
> -------------------------------------------
>
> Key: DIRSERVER-605
> URL: http://issues.apache.org/jira/browse/DIRSERVER-605
> Project: Directory ApacheDS
> Type: Bug
> Components: core
> Versions: 1.0-RC1, 1.1.0
> Reporter: Endi S. Dewata
> Attachments: AnonymousAccessTest.java
>
> Searching the Root DSE as an anonymous user using different clients produces inconsistent results.
> The tests were performed using Sun's JNDI client and Novell's Java LDAP client (http://www.openldap.org/jldap). Please the notes in the attached test case for more details.
> On ApacheDS 1.0-RC1 with allowAnonymousAccess=true the results are:
> - JNDI Client : pass
> - V2 JNDI Client : pass
> - V3 JNDI Client : pass
> - LDAP Client : pass
> - V2 LDAP Client : pass
> - V3 LDAP Client : pass
> In this scenario everything passes as expected.
> On ApacheDS 1.0-RC1 with allowAnonymousAccess=false the results are:
> - JNDI Client : pass
> - V2 JNDI Client : pass
> - V3 JNDI Client : fail
> - LDAP Client : fail
> - V2 LDAP Client : pass
> - V3 LDAP Client : pass
> In this scenario everything was expected to fail.
> On ApacheDS 1.1 with allowAnonymousAccess=true the results are:
> - JNDI Client : pass
> - V2 JNDI Client : fail
> - V3 JNDI Client : pass
> - LDAP Client : pass
> - V2 LDAP Client : fail
> - V3 LDAP Client : pass
> In this scenario everything was expected to pass.
> On ApacheDS 1.1 with allowAnonymousAccess=false the results are:
> - JNDI Client : pass
> - V2 JNDI Client : fail
> - V3 JNDI Client : fail
> - LDAP Client : fail
> - V2 LDAP Client : fail
> - V3 LDAP Client : pass
> In this scenario everything was expected to fail.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
[jira] Updated: (DIRSERVER-605) Inconsistent behavior with
anonymous access
Posted by "Endi S. Dewata (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/DIRSERVER-605?page=all ]
Endi S. Dewata updated DIRSERVER-605:
-------------------------------------
Attachment: AnonymousAccessTest.java
> Inconsistent behavior with anonymous access
> -------------------------------------------
>
> Key: DIRSERVER-605
> URL: http://issues.apache.org/jira/browse/DIRSERVER-605
> Project: Directory ApacheDS
> Type: Bug
> Components: core
> Versions: 1.0-RC1, 1.1.0
> Reporter: Endi S. Dewata
> Attachments: AnonymousAccessTest.java
>
> Searching the Root DSE as an anonymous user using different clients produces inconsistent results.
> The tests were performed using Sun's JNDI client and Novell's Java LDAP client (http://www.openldap.org/jldap). Please the notes in the attached test case for more details.
> On ApacheDS 1.0-RC1 with allowAnonymousAccess=true the results are:
> - JNDI Client : pass
> - V2 JNDI Client : pass
> - V3 JNDI Client : pass
> - LDAP Client : pass
> - V2 LDAP Client : pass
> - V3 LDAP Client : pass
> In this scenario everything passes as expected.
> On ApacheDS 1.0-RC1 with allowAnonymousAccess=false the results are:
> - JNDI Client : pass
> - V2 JNDI Client : pass
> - V3 JNDI Client : fail
> - LDAP Client : fail
> - V2 LDAP Client : pass
> - V3 LDAP Client : pass
> In this scenario everything was expected to fail.
> On ApacheDS 1.1 with allowAnonymousAccess=true the results are:
> - JNDI Client : pass
> - V2 JNDI Client : fail
> - V3 JNDI Client : pass
> - LDAP Client : pass
> - V2 LDAP Client : fail
> - V3 LDAP Client : pass
> In this scenario everything was expected to pass.
> On ApacheDS 1.1 with allowAnonymousAccess=false the results are:
> - JNDI Client : pass
> - V2 JNDI Client : fail
> - V3 JNDI Client : fail
> - LDAP Client : fail
> - V2 LDAP Client : fail
> - V3 LDAP Client : pass
> In this scenario everything was expected to fail.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira
[jira] Assigned: (DIRSERVER-605) Inconsistent behavior with
anonymous access
Posted by "Alex Karasulu (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/DIRSERVER-605?page=all ]
Alex Karasulu reassigned DIRSERVER-605:
---------------------------------------
Assignee: Alex Karasulu
> Inconsistent behavior with anonymous access
> -------------------------------------------
>
> Key: DIRSERVER-605
> URL: http://issues.apache.org/jira/browse/DIRSERVER-605
> Project: Directory ApacheDS
> Issue Type: Bug
> Components: core
> Affects Versions: 1.0-RC1, 1.1.0
> Reporter: Endi S. Dewata
> Assigned To: Alex Karasulu
> Attachments: AnonymousAccessTest.java
>
>
> Searching the Root DSE as an anonymous user using different clients produces inconsistent results.
> The tests were performed using Sun's JNDI client and Novell's Java LDAP client (http://www.openldap.org/jldap). Please the notes in the attached test case for more details.
> On ApacheDS 1.0-RC1 with allowAnonymousAccess=true the results are:
> - JNDI Client : pass
> - V2 JNDI Client : pass
> - V3 JNDI Client : pass
> - LDAP Client : pass
> - V2 LDAP Client : pass
> - V3 LDAP Client : pass
> In this scenario everything passes as expected.
> On ApacheDS 1.0-RC1 with allowAnonymousAccess=false the results are:
> - JNDI Client : pass
> - V2 JNDI Client : pass
> - V3 JNDI Client : fail
> - LDAP Client : fail
> - V2 LDAP Client : pass
> - V3 LDAP Client : pass
> In this scenario everything was expected to fail.
> On ApacheDS 1.1 with allowAnonymousAccess=true the results are:
> - JNDI Client : pass
> - V2 JNDI Client : fail
> - V3 JNDI Client : pass
> - LDAP Client : pass
> - V2 LDAP Client : fail
> - V3 LDAP Client : pass
> In this scenario everything was expected to pass.
> On ApacheDS 1.1 with allowAnonymousAccess=false the results are:
> - JNDI Client : pass
> - V2 JNDI Client : fail
> - V3 JNDI Client : fail
> - LDAP Client : fail
> - V2 LDAP Client : fail
> - V3 LDAP Client : pass
> In this scenario everything was expected to fail.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (DIRSERVER-605) Inconsistent behavior with
anonymous access
Posted by "Endi S. Dewata (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/DIRSERVER-605?page=comments#action_12372334 ]
Endi S. Dewata commented on DIRSERVER-605:
------------------------------------------
Correction: the results from 1.0-RC1 are actually from 0.9.3. The actual results from 1.0-RC1 are identical to those from 1.1. The issue is still valid though, there are inconsistencies even within a single test case.
> Inconsistent behavior with anonymous access
> -------------------------------------------
>
> Key: DIRSERVER-605
> URL: http://issues.apache.org/jira/browse/DIRSERVER-605
> Project: Directory ApacheDS
> Type: Bug
> Components: core
> Versions: 1.0-RC1, 1.1.0
> Reporter: Endi S. Dewata
> Attachments: AnonymousAccessTest.java
>
> Searching the Root DSE as an anonymous user using different clients produces inconsistent results.
> The tests were performed using Sun's JNDI client and Novell's Java LDAP client (http://www.openldap.org/jldap). Please the notes in the attached test case for more details.
> On ApacheDS 1.0-RC1 with allowAnonymousAccess=true the results are:
> - JNDI Client : pass
> - V2 JNDI Client : pass
> - V3 JNDI Client : pass
> - LDAP Client : pass
> - V2 LDAP Client : pass
> - V3 LDAP Client : pass
> In this scenario everything passes as expected.
> On ApacheDS 1.0-RC1 with allowAnonymousAccess=false the results are:
> - JNDI Client : pass
> - V2 JNDI Client : pass
> - V3 JNDI Client : fail
> - LDAP Client : fail
> - V2 LDAP Client : pass
> - V3 LDAP Client : pass
> In this scenario everything was expected to fail.
> On ApacheDS 1.1 with allowAnonymousAccess=true the results are:
> - JNDI Client : pass
> - V2 JNDI Client : fail
> - V3 JNDI Client : pass
> - LDAP Client : pass
> - V2 LDAP Client : fail
> - V3 LDAP Client : pass
> In this scenario everything was expected to pass.
> On ApacheDS 1.1 with allowAnonymousAccess=false the results are:
> - JNDI Client : pass
> - V2 JNDI Client : fail
> - V3 JNDI Client : fail
> - LDAP Client : fail
> - V2 LDAP Client : fail
> - V3 LDAP Client : pass
> In this scenario everything was expected to fail.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira